what do other developers think about localized lists for security
advisories, such as debian-security-announce-$lang@lists?
Currently, all DSAs are released via mail in english on
debian-security-announce@lists and copied to www.debian.org
afterwards, where they will be picked up by seven fellow translators
who produce the text part in their native tongue.
This means that people who are interested in security, should
subscribe to the -announce list for immediate notification. Those who
prefer an advisory in their native tongue will have to wait up to one
day to see the translation online.
Establishing localized -announce lists could impose an unacceptable
delay before the translated advisory gets posted to the localized
list. This will probably be the case especially with long
advisories or when translators are on their holidays or simply too
busy to maintain the translation properly or if Debian releases a
couple of advisories on one day.
This could lead to a false assumtion that no vulnerabilities were
found and fixed, leaving a system vulnerable longer than it would be
Given the above, what do you think about establishing localized
security-announce lists? Please discuss this issue on debian-security
and not on debian-devel or debian-project to reach a larger audience.
1. Danish, French, German, Japanese, Portuguese, Spanish and Swedish
2. See DSA 134 as a very bad example (Murphy...) or DSA 148
3. No harm intended, this happens to some people all the time (e.g. myself)
4. *cough* DSA 149, 150, 151 and 152 were released at the same day
Unix is user friendly ... It's just picky about its friends.
Please always Cc to me when replying to me on the lists.